Persona100 Privacy Policy

CAEN Inc. (“we”, “us”, or the “Company”) sets forth this Privacy Policy (“Policy”) regarding the handling of users’ personal and other information in the “Persona100” service (“Service”).

Please read this Policy carefully before using the Service and use the Service only after understanding its contents.

Article 1 (Name of Business Operator)

1. Business operator: CAEN Inc.
2. URLs, address, representative name, and other details of this Service and other websites we operate will be shown separately on our website.
3. Contact information for handling personal information is specified in Article 15.

Article 2 (Scope of Application)

1. This Policy applies to all handling of information we obtain and use in the Service.
2. Handling of information on third‑party websites or services accessible via links from the Service is governed by the privacy policies of those third parties, not by us.

Article 3 (Types of Information Collected)

We may collect the following information in providing the Service:

1. Account information
   Information entered when registering for the Service or setting a profile (including but not limited to email address, name or nickname, affiliation, profile image, and other optional information).
2. Payment and contract information
   Status of paid plans, plan type, payment amount, payment date and method, identifiers such as customer ID and payment ID issued by Stripe or other payment providers (credit card numbers and similar payment details are generally obtained by the payment provider and not directly by us).
3. Usage and log information
   Access time to the Service, IP address, browser type/version, OS/device information, in‑Service activity history, error information, and other data automatically generated/stored as access or event logs.
4. Survey data and related content
   Interview questions, custom persona settings, uploaded files (including images), answers generated by AI, aggregate insights, sentiment labels, statistical analyses, and other related information entered or uploaded through the Service.

Article 4 (Methods of Collection)

We collect information by the following methods:

1. Information directly provided by users through input forms in the Service
2. Information automatically transmitted when users use the Service (e.g., access logs, cookies)
3. Information provided by payment providers, authentication providers, or other external services to the extent permitted by user consent or applicable laws

Article 5 (Purposes of Use)

We use the information defined in the preceding articles for the following purposes:

1. To provide and operate the Service
   • Manage registration, authentication, and login
   • Provide features such as persona interviews, AI‑generated responses and aggregate insights, display of survey results, history storage, and data export
2. To maintain and improve the Service
   • Investigate and address issues, improve performance, and implement security measures
   • Aggregate and analyze usage to plan and develop improvements or new features (statistical processing in non‑identifiable form may be performed)
3. To handle billing and payments
   • Calculate paid plan fees and process billing and payments
   • Address payment errors and perform administrative tasks related to billing and usage verification
4. To deliver important notices
   • Notify users of changes to terms/policies, feature changes, maintenance, incidents, and other important matters related to the Service
5. To provide optional information and marketing
   • Only with user consent or where permitted by law, send emails or similar communications about the Service, seminars, campaigns, and related information (users may opt out by methods we provide)
6. To comply with laws and regulations
   • Prevent and investigate misuse, handle disputes and litigation, and perform tax/accounting procedures and other legally required actions

Article 6 (External Transmission, Third‑Party Provision, and Overseas Transfer)

1. Transmission to generative AI providers
   1. We use generative AI services provided by OpenAI to generate persona responses, aggregate insights, and other content in the Service.
   2. Accordingly, interview questions, custom persona settings, chat content, and portions of generated responses entered by users may be sent to OpenAI.
   3. For free plans or other plans we designate, such information may be used by OpenAI for model improvement under its terms.
   4. For Pro plans or other designated plans, we use OpenAI options to prevent user data from being used for model training/improvement to the extent OpenAI settings allow.
2. Provision to infrastructure, authentication, and database services
   We use Supabase and other cloud infrastructure, authentication, and database providers to operate the Service. Account information, survey data, and other necessary data may be stored or processed by these providers.
3. Provision to payment service providers
   We use Stripe and other payment service providers for payment processing. User name, email address, plan type, payment amount, billing information, and other necessary details may be provided to these providers. Credit card numbers and similar data are generally obtained and managed directly by the payment provider, not by us.
4. Third‑party provision
   We do not provide personal information to third parties except in the following cases:
   1. With user consent
   2. When required by law
   3. When necessary to protect life, body, or property and obtaining consent is difficult
   4. When especially necessary to improve public health or promote the sound upbringing of children and obtaining consent is difficult
   5. When cooperation with a national or local government agency or its delegate is necessary to perform duties prescribed by law
5. Overseas transfer
   Many external service providers we use, including OpenAI, Supabase, and Stripe, are located outside Japan. Information provided to these providers under the preceding items may therefore be transferred to countries or regions outside Japan. We review their privacy policies and safeguards in accordance with applicable laws and strive to ensure appropriate protection of user information.

Article 7 (Joint Use)

We do not jointly use users’ personal information with third parties in a manner constituting “joint use” under Article 27, Paragraph 5, Item 3 of the Act on the Protection of Personal Information (APPI).

Article 8 (Use of Cookies, etc.)

1. We may use cookies and similar technologies to improve convenience and understand Service usage.
2. Users can refuse cookies by changing browser settings. In that case, some Service features may become unavailable.
3. When we use analytics tools, we may separately display the tool name, provider, and the scope of collected/used information on our website.

Article 9 (Retention Period)

1. Account information and payment/contract information
   We retain these while a user account is active. After withdrawal or deletion, we may retain related information for the period required by tax and accounting laws (generally about 7–10 years).
2. Survey data and related content
   We retain these while the user account is active so past results remain accessible. After withdrawal or deletion, we delete associated data from production databases within roughly 30 days after completion of the procedure. Deleted data may remain in backups for up to about 90 days due to technical constraints.
3. Logs and technical information
   We retain access logs and similar technical data for about 12 months from collection for secure operation, monitoring, and incident response, then delete or anonymize them.
4. Notwithstanding the above, information required by law is retained for the period stipulated by that law.

Article 10 (Security Measures)

We take the following measures to prevent leakage, loss, or damage of user information and ensure its security:

1. Technical measures: access control, password management, encrypted communication (HTTPS), log collection/monitoring, etc.
2. Organizational measures: limiting access rights to the minimum necessary, establishing internal rules on information management, etc.
3. Supervision of contractors: reviewing contracts and privacy policies of external service providers to ensure appropriate information management.

Article 11 (User Rights: Disclosure, Correction, Suspension, etc.)

1. Users may request notification of purpose of use, disclosure, correction/addition/deletion, suspension/erasure of use, or suspension of third‑party provision of their personal information held by us, in accordance with the APPI.
2. To make such requests, users should contact the office specified in Article 15. We may request necessary information for identity verification.
3. We may refuse all or part of a request if permitted by law. In that case, we will notify the user of the reason.

Article 12 (Additional Rights for Residents of the EU, etc.)

1. If a user resides in the EU/EEA or other regions where the GDPR or similar laws apply, we will honor additional rights under those laws, including data portability and restriction of processing, in addition to the rights in the preceding article.
2. Users may exercise these rights by contacting the office specified in Article 15.
3. Users subject to the GDPR may lodge a complaint with a supervisory authority in their country of residence or another EU member state regarding our handling of personal data.

Article 13 (Information of Minors)

1. Minors must obtain consent from their legal guardian (parent or similar) before using the Service.
2. We handle minors’ personal information appropriately in accordance with this Policy.

Article 14 (Changes to this Privacy Policy)

1. We may amend this Policy when necessary.
2. When we amend the Policy, we will announce the revised content and effective date on the Service or by other appropriate means.
3. If a user continues to use the Service on or after the effective date, the user is deemed to have agreed to the revised Policy.

Article 15 (Contact)

For questions, comments, or requests under Articles 11 and 12 concerning personal information handling, please contact the inquiry office (email address, etc.) listed on our website.

End

CAEN Inc.
Address: Miyamasuzaka Building 609, 2-19-15 Shibuya, Shibuya-ku, Tokyo 150-0002, Japan